Enable HTML Editor whitelist

The HTML Editor enables users to visually add and edit rich text content formatted with HTML tags. Although the HTML Editor is powerful, a web site can be abused through it unless a proper security control is in place. Therefore, as of HPE Service Manager 9.41, you can use the HTML Editor whitelist to define the list of HTML elements that are allowed.

To enable the HTML Editor whitelist and define a list of allowed HTML elements, follow these steps:

  1. Log on to Service Manager as a system administrator.
  2. Click Tailoring > HTML Editor Whitelist.
  3. Select the HTML Editor Whitelist check box. By default, this check box is cleared.
  4. Define a list of allowed HTML tags and attributes in the Allowed Tags/Attributes section. For example, add script as an allowed tag so that users are able to input the <script> tag by using the HTML Editor.
  5. Define a list of allowed URL protocols for certain elements in the Allowed URL Protocols section. For example, add a as an allowed tag, specify href as its attribute, and then specify one or more protocols that the href attribute may use, such as http, https, mailto and ftp.
  6. Click Save and OK.
  7. Do either of the following to make the customized HTML Editor whitelist effective:

    • Restart the web application server if you are working with the Service Manager web client.
    • Log out and then log on to the Service Manager Windows client again.

After the HTML Editor whitelist becomes effective, you can only input the elements listed in the whitelist when editing HTML content in the HTML Editor. Click the HTML validate button to validate your input before saving your changes. If any tags, attributes or protocols violate the whitelist, the system displays warning messages such as the following:

The HTML document contains some tags <script>,<javascript> that are not allowed by the system. Contact your Service Manager system administrator for assistance.

The HTML document contains some attributes for tags (<tag attribute...>) <div onclick>,<p onerror> that are not allowed by the system. Contact your Service Manager system administrator for assistance.

The HTML document contains some values in the attributes of tags (<tag attribute>) <img src>,<a href> that are not allowed by the system. Contact your Service Manager system administrator for assistance.

You must review your input and avoid using these invalid tags, attributes, or protocols. Alternatively, you can ask your Service Manager system administrator to include these tags, attributes or protocols in the whitelist. Otherwise, the system automatically removes these invalid elements from your input after you click Save in the HTML Editor.
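As an added illustration of the three-level check described above (tag, then attribute, then URL protocol of the attribute value), the following Python validator groups violations the same way the three warning messages do. It is not Service Manager code, and the WHITELIST and SAMPLE_DOC values are constructed for the example rather than taken from the product's default list.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed whitelist in the page's tag -> attribute -> protocol shape (hypothetical
# values, not the Service Manager default list). None means "attribute allowed, any value".
WHITELIST = {
    "p": {},
    "div": {"class": None},
    "a": {"href": {"http", "https", "mailto", "ftp"}},
    "img": {"src": {"http", "https"}, "alt": None},
}


def _scheme(value):
    """URL scheme of an attribute value, lower-cased; '' for scheme-less (relative) values."""
    return urlparse((value or "").strip()).scheme.lower()


class WhitelistValidator(HTMLParser):
    """Collects the three violation kinds that the warning messages above report."""

    def __init__(self, whitelist):
        super().__init__()
        self.whitelist = whitelist
        self.tags, self.attributes, self.values = [], [], []

    def handle_starttag(self, tag, attrs):  # also invoked for self-closing tags
        allowed = self.whitelist.get(tag)
        if allowed is None:
            self.tags.append(tag)                          # element itself not whitelisted
            return
        for name, value in attrs:
            if name not in allowed:
                self.attributes.append((tag, name))        # e.g. onclick / onerror handlers
            elif allowed[name] is not None and _scheme(value) not in allowed[name]:
                self.values.append((tag, name))            # e.g. javascript: or data: URLs


def validate(html, whitelist=WHITELIST):
    """Return violations grouped like the three system messages: tags, attributes, values."""
    v = WhitelistValidator(whitelist)
    v.feed(html)
    v.close()
    return {"tags": v.tags, "attributes": v.attributes, "values": v.values}


# Constructed input mixing allowed markup with one violation of each kind.
SAMPLE_DOC = ('<p>See <a href="https://kb.example/1">the article</a>. '
              '<a href="JavaScript:alert(1)">x</a> <div onclick="f()">y</div> '
              '<script>1</script></p>')

if __name__ == "__main__":
    print(validate(SAMPLE_DOC))
```

Relative links carry no scheme, so under this constructed policy they are reported as disallowed values; an administrator would extend the protocol set for that attribute if such links are expected.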

Note

The HTML validate button is visible only when you have installed the Service Manager 9.41 components (including server, client, and applications) and enabled the HTML Editor whitelist.

The HTML validate button is available in both the source mode and the WYSIWYG mode of the HTML Editor on the web client. On the Windows client, however, this button is available only in the WYSIWYG mode of the HTML Editor. When you edit an HTML document in source mode on the web client, you can click the HTML validate button directly to validate your input; on the Windows client, you need to switch to the WYSIWYG mode to validate the HTML document before saving it.

Caution HPE Service Manager 9.41 introduces the HTML Editor whitelist solution and provides a default whitelist of the tags, attributes and protocols that are allowed in Service Manager out-of-box knowledge documents. HPE recommends that you enable this enhancement. However, HTML documents created before the 9.41 release may contain tags, attributes, or protocols that are not defined in the whitelist. HPE recommends that Service Manager system administrators perform extensive tests in the development environment and add all necessary tags, attributes, or protocols to the whitelist before enabling the HTML Editor whitelist. Enabling the HTML Editor whitelist without prior tests may cause data loss in the existing knowledge documents in the production environment.